Microsoft acts quickly to fix Hotmail password bug

Hackers had been selling password reset services

Microsoft says it has fixed a bug in its Hotmail email service that had allowed hackers to easily reset passwords and take control of accounts.

The software giant, which has 350m users signed up for webmail accounts, released the fix amid fears that accounts were being easily compromised.

The bug, discovered earlier this month, sparked reports of hackers offering to carry out the password switch on any account for as little as $20 (£12).

YouTube videos, mainly in Arabic, showing how to perform the hack had also started to surface.

Quick fix

Microsoft has issued a statement to say the loophole has now been closed and that Hotmail account holders need take no further action.

"On Friday, we addressed an incident with password reset functionality; there is no action for customers, as they are protected," the company said.

Security firm Sophos has blogged on the subject, pointing out that it's unclear how many accounts have been burgled.

"What isn't known is just how many of Hotmail's 350 million users might have been impacted by the serious security vulnerability - Microsoft certainly isn't saying," the company wrote on its Naked Security blog.

"But if you're worried, there's an easy way to check. Hacked Hotmail accounts would have had their passwords changed to something else - so if you are no longer able to access your Hotmail account it's possible (although by no means definite - there may be other reasons, of course) that your email account fell victim to this attack."